After the NSA scandal, companies rushed to use 4096-bit RSA to protect their secrets. Now it turns out that it can be beaten by careful listening.
Daniel Genkin, RSA inventor Adi Shamir, and Eran Tromer have managed to break the encryption algorithms by listening to the noise a computer makes when it decrypts some encrypted data.
The attack is fairly simple and can be carried out with basic hardware.
Security researchers listen to the 10 to 150 kHz sounds produced by your computer as it decrypts data.
The researchers successfully extracted decryption keys over four meters with a high-quality parabolic microphone. However, they also managed it with a smartphone placed 30 cm away from the target laptop. The same kind of electrical data can be taken from the power socket, the remote end of an Ethernet cable, or by touching the computer.
It means that you could be sitting decrypting your data at Starbucks and James Bond could stick his phone on the table and snaffle the lot.
With HTML5 and Flash able to access the microphone, it would be possible to build a website that listens for encryption keys.
The researchers said that if you put a microphone into a co-located server and slot it into a rack in a datacentre, you could scoop up the encryption keys from hundreds of nearby servers.
The only way to defend against the attack is to use more heavy-duty encryption, and hire someone not to get too close.
At the moment, if an attacker can’t get physically close to your data, it instantly becomes much harder to nick it. You could stick your laptop in a sound-tight box, but this does reduce the portability.